Wfuzz

Web fuzzer for content discovery supporting multiple injection points and authentication

Recon & OSINT11 commands

#fuzzer#content#discovery#python#web

Installation

1Install via pip

2Verify installation

# Using pip
pip install wfuzz

# Verify
wfuzz --help

# Update
pip install --upgrade wfuzz

Basic Usage

Fuzz web applications for hidden content with multiple payload positions

# Directory fuzzing
wfuzz -w wordlist.txt https://example.com/FUZZ

# Multiple payload positions
wfuzz -w users.txt -w passwords.txt https://example.com/FUZZ/FUZ2Z

# File extension fuzzing
wfuzz -w wordlist.txt -w extensions.txt https://example.com/FUZZ.FUZ2Z

# POST parameter fuzzing
wfuzz -w params.txt -d "FUZZ=test" https://example.com/login

# HTTP header fuzzing
wfuzz -w wordlist.txt -H "User-Agent: FUZZ" https://example.com

# Filter by response code
wfuzz -w wordlist.txt --hc 404 https://example.com/FUZZ

# Filter by response size
wfuzz -w wordlist.txt --hw 123 https://example.com/FUZZ

# With cookie authentication
wfuzz -w wordlist.txt -b "session=abc123" https://example.com/FUZZ

Command Reference

11 commands

1Wordlist file (multiple -w for multiple payloads)

-w

2Hide responses with status code

--hc

3Hide responses with word count

--hw

4Hide responses with line count

--hl

5Hide responses with character count

--hh

6Cookie data

-b

7Custom header

-H

8POST data

-d

9HTTP method

-X

10Proxy (e.g., 127.0.0.1:8080)

-p

11Number of threads

-t

When to Use

Content discovery in web application assessments

Authentication bypass testing with multiple payload positions

Parameter fuzzing for hidden functionality

Header injection testing

HTTP method brute-forcing and discovery

Notes & Tips

Supports multiple payload injection points with FUZZ, FUZ2Z, etc.

Can output results in different formats (json, html, raw)

Built-in filtering by response code, size, lines, or words

Compatible with Burp Suite proxy for manual review

Common Errors & Solutions

No results matching filter

Reduce filter strictness or check if the target is accessible

Connection errors

Use -p flag with proxy or increase timeout with -t flag

# Directory fuzzing wfuzz -w wordlist.txt https://example.com/FUZZ # Multiple payload positions wfuzz -w users.txt -w passwords.txt https://example.com/FUZZ/FUZ2Z # File extension fuzzing wfuzz -w wordlist.txt -w extensions.txt https://example.com/FUZZ.FUZ2Z # POST parameter fuzzing wfuzz -w params.txt -d "FUZZ=test" https://example.com/login # HTTP header fuzzing wfuzz -w wordlist.txt -H "User-Agent: FUZZ" https://example.com # Filter by response code wfuzz -w wordlist.txt --hc 404 https://example.com/FUZZ # Filter by response size wfuzz -w wordlist.txt --hw 123 https://example.com/FUZZ # With cookie authentication wfuzz -w wordlist.txt -b "session=abc123" https://example.com/FUZZ